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DETAILED ACTION 



Claim Rejections - 35 USC § 102 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 



(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirements of paragraphs (1 ), (2), and (4) of section 371 (c) of this 
title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 (AIPA) and 
the Intellectual Property and High Technology Technical Amendments Act of 2002 do not apply when 
the reference is a U.S. patent resulting directly or indirectly from an international application filed 
before November 29, 2000. Therefore, the prior art date of the reference is determined under 35 
U.S.C. 102(e) prior to the amendment by the AIPA (pre-AlPA 35 U.S.C. 102(e)). 



Claims 1-4, 8, 9, 19-23, and 30 are rejected under 35 U.S.C. 102(b) as being 
anticipated by US Patent No. 5,144,659 to Jones. 

As per claim 1, Jones in an analogous art, adequately discloses receiving 
information indicative of a possible change to a protected file (see col. 9, lines 58-61 in 
which it is stated that in the event that files are inconsistent, the user is notified.) 

As per determining whether the change is valid by verifying the file, Jones 
discloses that the file is identified and the system is locked until corrective action is 
taken, including removal and replacement of the file or an override by the system 
administrator, thus the administrator is making the determination as to whether the 
change is valid (see col. 9, lines 61-68). This decision made by the system 
administrator constitutes the verification of the alerted-to file. 



States. 
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As per preventing the change, preventing the change, Jones discloses removal 
and replacement of the file (see col. 9, lines 61-68). 

As per claim 2, it is rejected on the same basis as claim 1 above because the 
received information indicative of a possible change does in fact include receiving 
notification indicative of a change to a protected file, as mentioned above. 

As per claim 3, it is rejected on the same basis as claim 2 above because claim 2 
recites the limitation of notification indicative of a change to a protected file. Claim 3 
differs from claim 2, only in that claim 3 recites the limitation of accessing information to 
determine whether the file is protected. Jones also discloses file access criteria 
developed when the security system is first implemented, to include information such as 
names of files to be protected, and only accessible to a system administrator (see col. 
9, lines 19-38.) 

As per claim 4, it is rejected on the same basis as claim 1 above because 
preventing the change by way of removal and replacement is discussed in Jones, as 
mentioned above, which is in effect overwriting a changed copy. 

As per claim 8, it is rejected on the same basis as claim 1 above, because the 
use of file signatures to test the validity of changes is discussed by Jones, (see col. 9, 
lines 49-57). 

As per claim 9, it is rejected on the same basis as claim 1 above because it 
differs from claim 1 only in that it recites the limitation of monitoring files in a file system, 
which is also adequately disclosed in Jones (see col. 9, lines49-68, in which the process 
of monitoring the system during startup takes place.) 
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As per claim 19, it is rejected on the same basis as claim 1 above because it 
differs from claim 1 only in that it recites the limitation of receiving information that a 
protected file is about to be changed, preserving a copy of the protected file, and 
wherein preventing the change includes overwriting a changed copy of the file with a 
copy of the protected file that was preserved. 

As per receiving information that a protected file is about to be changed (see col. 
9, lines 58-61). 

As per preserving a copy of the protected file, Jones discloses removal and 
replacement of the file (see col. 9, lines 61-68), which means that the protected file must 
have been preserved. 

As per preventing the change includes overwriting a changed copy of the file with 
a copy of the protected file that was preserved, Jones discloses removal and 
replacement of the file (see col. 9, lines 61-68), which in effect overwrites the changed 
copy. 

As per claim 20, Jones discloses selecting a plurality of files as protected files, 
see col. 3, lines 40-43, in which the files to be protected are designated. 

As per receiving information indicative of a possible change to a protected file, 
see col. 9 lines 58-63, in which inconsistencies to files results in a notification to the 
user. 

As per determining whether the file is an exception case, and if so allowing the 
change, Jones discloses that the corrective action to be taken to resolve the 
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inconsistency to the file might include an override. This would be done if it were an 
exception. 

As per determining whether the change is valid by verifying the file, and if so 
allowing the change, and if not preventing the change, see col. 9, lines 58-68, in which 
Jones discloses that the file is identified and the system is locked until corrective action 
is taken, including removal and replacement of the file or an override, thus the 
determination as to whether the change is valid is made(see col. 9, lines 61-68). This 
decision constitutes the verification of the alerted-to file, and the action taken is to either 
allow the change or deny the change, by either overriding, or by removal and 
replacement of the changed file, respectively. 

As per claim 21 , it is rejected on the same basis as claims 2 and 20 above. 

As per claim 22, it is rejected on the same basis as claims 3 and 20 above. 

As per claim 23, it is rejected on the same basis as claims 4 and 20 above. 

As per claim 30, it is rejected on the same basis as claims 20 above, because 
Jones also discloses the use of file signatures to test the validity of changes is, (see col. 
9, lines 49-57). 

Claims 1 and 5 are rejected under 35 U.S.C. 102(b) as being clearly anticipated 
by US Patent No. 4,884,21 1 to Kishi. 

As per claims 1 and dependent claim 5, Kishi adequately discloses, in a 
computer system, a method comprising: receiving information indicative of a possible 
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change to a protected file, and determining whether the change is valid by verifying the 
file, and if not valid, preventing the change including discarding change data, (see figure 
2). 



Claims 1,3, 4, 6, 7, 9, 19, 31-35, 38-40 and 44 are rejected under 35 U.S.C. 
102(e) as being anticipated by US Patent No. 6,618,735 to Krishnaswami. 

The applied reference has a common assignee with the instant application. 
Based upon the earlier effective U.S. filing date of the reference, it constitutes prior art 
under 35 U.S.C. 102(e). This rejection under 35 U.S.C. 102(e) might be overcome 
either by a showing under 37 CFR 1.132 that any invention disclosed but not claimed in 
the reference was derived from the inventor of this application and is thus not the 
invention "by another," or by an appropriate showing under 37 CFR 1.131. 

As per claim 1, 

As per "in a computer system, a method comprising receiving information 
indicative of a possible change to a protected file" see Krishnaswami, claim 1, in which it 
cites a method in a computer system comprising detecting a change being made to a 
protected file, and saving the copy before the change is made. This means that the 
component copying the file before the change must have been received information 
indicative of a possible change to a protected file. 

As per "determining whether the change is valid by verifying the file," see 
Krishnaswami, claim 1 in which it cites determining whether the change to the shared 
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system file is valid, including comparing a version number and hash with another file. 
This constitutes the verification. 

As per "and if not valid, preventing the change" see Krishnaswami in which claim 
1 cites if the change is invalid undoing the change. 

As per claim 3, see Krishnaswami, claim 9. 

As per claim 4, 

As per the method of claim 1 wherein preventing the change includes overwriting 
a changed copy of the file with a valid copy of the protected file, see Krishnaswami 
claim 6. 

As per claim 6, see Krishnaswami, claim 1. 
As per claim 7, see Krishnaswami, claim 4. 
As per claim 9, see Krishnaswami, claim 1. 
As per claim 19, see Krishnaswami, claim 1 . 
As per claim 31, 

As per a protected file, see Krishnaswami, claim 1 in which it cites protecting 
shared system files, constituting a computer system comprising at least a protected file. 

As per a detection mechanism configured to determine when a protected file may 
be changed, see Krishnaswami, claim 1 , in which it is cited that a the system comprises 
detecting a change being made to a file that is to be protected. 

As per a verification mechanism, see Krishnaswami, claim 1 in which it cites 
determining whether the change to the shared system file is valid, including comparing 
a version number and hash with another file. This constitutes the verification. 
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As per a file protection service, see Krishnaswami, claim 12, in which the system 
comprises a file protection service component. 

As per the file protection service configured to receive a determination from the 
detection mechanism that the protected file may be changed, and further configured to 
communicate with the verification mechanism to verify whether the change is valid, and 
to prevent the change when the change is not valid, see Krishnaswami, claim 12, all text 
below "the monitoring component monitoring changes to system..." 

As per claim 32, it is rejected on the same basis as claim 31 , because 
Krishnaswami also cites a monitoring component as part of the detection service which 
monitors protected files for changes, as mentioned above. 

As per claim 33, it is rejected on the same basis as claim 31 , because 
Krishnaswami also cites a computer system wherein the detection mechanism provides 
a notification to the file protection service as the determination mechanism that the 
protected file may be changed. See claim 12, which cites that the monitoring service 
detects a change being made, and prior to the change being made it saves a copy of 
the protected file, and notifies the file protection service. 

As per claim 34, it is rejected on the same basis as claim 31 , because 
Krishnaswami also cites the file protection service accessing a database identifying 
protected system files installed on a computer. 

As per claim 35, it is rejected on the same basis as claim 31 , because 
Krishnaswami also discloses that the operating system is provided with a monitoring 
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component, which means that the file protection service is a part of the file system. See 
coL1, lines 64-67. 

As per claim 38, it is rejected on the same basis as claim 31 , because 
Krishnaswami, claim 1 also discloses verification whether a file change is valid by 
comparing a hash of the file contents against a hash associated with a valid file. 

As per claim 39, it is rejected on the same basis as claim 38, because 
Krishnaswami, claim 3 also cites comparing the hash of the changed version with that of 
another file on the system wherein the comparing includes retrieving data regarding the 
highest version of the shared system file from a database containing data identifying 
protected files installed on a computer system. 

As per claim 40, it is rejected on the same basis as claim 31 , because 
Krishnaswami, claim 12 cites undoing the change by using the saved copy of the 
protected file before the change. Examiner asserts that it is a known method to copy a 
valid file over an unwanted changed version of the same file. 

As per claim 44, it is rejected on the same basis as claims 40 and 19 above. 

As per claim 45, it is rejected on the same basis as claim 31, because it includes 
all limitations of claim 31 , and further limits it citing the system of claim 31 further 
comprising a scanning mechanism for causing a plurality of files to trigger the detection 
system, and this limitation is also found in Krishnaswami. See Krishnaswami claim 1, in 
which a monitoring system is disclosed. The monitoring system discovers the change 
to all files that have been changed. Examiner asserts that the monitoring system must 
perform a scan as part of the process of discovering these changes. 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



Claims 10-13 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Jones as applied to claim 1 above, in view of US Patent No. 5,604,862 to Midgeley. 

As per claim 10, dependent from claim 1 , Jones discloses all limitations of claim 
1 as discussed above. Jones does not explicitly disclose the further limitations of the 
method of claim 1 , wherein preventing the change includes copying a valid copy of the 
protected file to a former location of the protected file. However, Midgeley in an 
analogous art, adequately discloses reversing a change to a protected file by first 
caching valid copies of the file and storing it in an archive, and then restoring it from the 
archive (see col. 2, lines 34-44, and lines 8-18). It would have been obvious to one 
having ordinary skill in the art at the time the invention was made to prevent a change to 
a protected file by incorporating the method of copying a valid copy of the protected file 
to a former location of the protected file. One would have been motivated to do so 
because the cache archive of the files provides rapid access to the most recent good 
version of the file as explained in Midgeley (see col. 1 , lines 50-58). 
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As per claim 1 1 , dependent from claim 10, Midgeley discloses that the archived 
files are cataloged with detailed information including full filename, timestamp 
information and so on, and the catalog is used so that a user can request a restoration 
of a file (see col. 10, lines 8-21). The filename of the file in the catalog constitutes the 
identity of a file. In order to restore a given file, it is disclosed that a user could request 
it by identity, and locate it in the catalog for restoration. It would have been obvious to 
one having ordinary skill in the art at the time the invention was made to find a file 
having the same identity as the protected file, in order to restore the sound version of 
the file. One would have been motivated to so because it is the corrupted file that the 
user would be seeking to replace, and they would have to find a file having the same 
identity in order to replace it. 

As per claim 12, it is rejected on the same basis as claim 1 1 , because it depends 
from claim 1 1 , which depends from claim 10, and further limits 1 1 by confining the 
search location of the identity of the file to be replaced to include accessing a cache 
which is all ready a limitation discussed in the rejection of claim 10. 

As per claim 13, dependent from claim 12, it is rejected on the same basis as 
claim 12 discussed above, in addition to the fact that Midgeley further discloses 
verifying the file having the same identity (see col. 2, lines 45-54). It would have been 
obvious to one having ordinary skill in the art at the time the invention was made to 
modify Jones in view of Midgeley such that Jones's method included verifying the file 
having the same identity. One would have been motivated to do so because it is 
desirable to make sure that the cached files are in fact valid copies of the files. 
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Claims 14-17 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Jones in view of Midgeley as applied to claim 1 1 above, and further in view of "www.dll- 
files.com", hereinafter Dllfiles. 

As per claim 14, the Jones-Midgeley combination discloses all limitations of claim 
1 1 as discussed above, but fails to explicitly disclose finding the file having the same 
identity as the protected file includes accessing a network. However, Dllfiles, in an 
analogous art, adequately discloses accessing a network to find files having the same 
identity as those files which are missing. It would have been obvious to one having 
ordinary skill in the art at the time the invention was made to utilize the teaching of 
Dllfiles files such that the Jones-Midgeley combination accessed a network in order to 
find files having the same identity as protected files by accessing a network. One would 
have been motivated to do so because Dllfiles discloses this as a solution to restoring 
missing files. 

As per claim 15, dependent from claim 14, it is rejected on the same basis as 
claim 14 discussed above, because the fact that the Jones-Midgeley combination 
discloses verifying the file having the same identity (see Midgeley col. 2, lines 45-54), as 
discussed previously. 

As per claim 16, dependent from claim 15, it is rejected on the same basis as 
claim 15, because Midgeley also discloses finding the file having the same identity as 
the protected file by accessing a recorded medium (see col. 2, lines 63-66, and col. 3, 
lines 8-18, in which it is disclosed that the files are recorded to a removable storage 
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media, and that they are readily accessible for recovery through this avenue.) It would 
have been obvious to one having ordinary skill in the art at the time the invention was 
made to include Midgeley' s feature of finding the file having the same identity as the 
protected file by accessing a recorded medium in the Jones-Midgeley-Dllfiles 
combination. One would have been motivated to do so because Midgeley discloses 
that this would allow a nearly up-to-date protected file always available (see col. 3, lines 
8-18). 

As per claim 17, dependent from claim 16, it is rejected on the same basis as 
claim 16 discussed above, because the fact that the Jones-Midgeley-Dllfiles 
combination discloses verifying the file having the same identity (see Midgeley col. 2, 
lines 45-54), as discussed previously. 

Claims 18 and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Jones as applied to claims 1 and 20 above, in view of US Patent No. 6,353,926 to 
Parthesarathy. 

As per claim 18, which depends from claim 1 , Jones discloses all limitations of 
claim 1 , but fails to explicitly disclose the limitation of claim 18, namely: preventing the 
change includes discarding change data and returning a success to a component. 
However, Parthesarathy in an analogous art, adequately discloses preventing the 
change by discarding change data and returning a success to a component. See col. 
10, second paragraph. In a method of updating software, a user is notified only if the all 
ready installed software is a different version then that which is to be installed. At this 
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point the user may choose to discard or ignore the changes and proceed to use the 
nonupdated software. The effect of this is that the user continues to operate without 
receiving an error. This constitutes a successful run of the commands by the software 
component to be installed. This concept is analogous to the installation of individual 
files. Therefore it would have been obvious to one having ordinary skill in the art at the 
time the invention was made to modify the disclosure of Jones such that it included the 
feature of discarding change data and returning a success to a component. One would 
have been motivated to do so because this method would supply notification and leave 
the decision to the system operator as to whether the files should be installed or not, 
without causing an error in the event that the files are not installed, allowing for 
continual operation. 

As per claim 25, which depends from claim 20, it is rejected on the same basis 
as claim 18, because claim 25 further limits claim 20 in the same manner that claim 18 
further limits claim 1. 

Claim 24 is rejected under 35 U.S.C. 103(a) as being unpatentable over Jones 
as applied to claim 20 above, in view of Kishi as applied to claim 5 above. 

Claim 26 is rejected under 35 U.S.C. 103(a) as being unpatentable over Jones 
as applied to claim 20 above in view of Rogue Wave Software, 1996. Jones discloses 
all limitations of claim 20 as discussed above, however, Jones, fails to explicitly disclose 
the use of a copy-on-write saving process for allowing the change. However, 
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RogueWave Software, in an analogous art, adequately discloses the copy on write 
process for saving. It would have been obvious to one having ordinary skill in the art at 
the time the invention was made to include this feature in the file protection system of 
Jones, in order to allow changes without immediately overwriting the original file. One 
would have been motivated to do so, because this technique offers the advantage of 
minimized copying, making it more efficient and quick, as discussed by Rogue Wave 
Software, paragraph 1 . 

Claim 27 is rejected under 35 U.S.C. 103(a) as being unpatentable over Jones 
as applied to claim 20 above in view of US Patent No. 6,308,274 to Swift. Jones 
discloses all limitations of claim 20 as discussed above, however, Jones, fails to 
explicitly disclose determining whether the file is an exception case including checking a 
security descriptor of the file. However, Swift in an analogous art, adequately discloses 
checking a security descriptor that associates a file with the access owner of the file, 
(see col. 13, lines 1-19). It would have been obvious to one having ordinary skill in the 
art at the time the invention was made to check a security descriptor of the file in order 
to determine whether the file was an exception case. One would have been motivated 
to do so because, it would allow change by the owner of the file, and otherwise restrict 
it, thus making secure and wanted changes, while controlling the rest of them. 

Claim 28 is rejected under 35 U.S.C. 103(a) as being unpatentable over Jones 
as applied to claim 20 above in view of examiner. Jones discloses all limitations of 
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claim 20 as discussed above, however, Jones, fails to explicitly disclose providing a 
prompt before allowing a change. However, examiner respectfully asserts that it is well- 
known in the art that a prompt may be provided prior to writing changes made to a file, 
in order to confirm that the change is actually the intention of the user. One would have 
been motivated to use such a prompt because it would accommodate for an abort 
process in the event that the user did not want to allow/save the changes. 

Claim 29 is rejected under 35 U.S.C. 103(a) as being unpatentable over Jones 
as applied to claim 20 above, in view of Kishi as applied to claim 6 above. 

Claim 36 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Krishnaswami as applied to claim 31 above, in view of Kishi as applied to claim 5 
above. 

Claim 37 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Krishnaswami in view of Kishi as applied to claim 36 above, in view of Parthesarathy. 

As per claim 37, which depends from claim 1, the Krishnaswami-Kishi 
combination discloses all limitations of claim 36, but fails to explicitly disclose the 
limitation of claim 37, namely: The computer system of claim 31 wherein the file 
protection service returns information indicative of a success. However, Parthesarathy 
in an analogous art, adequately discloses preventing the change by discarding change 
data and returning a success to a component. See col. 10, second paragraph. In a 
method of updating software, a user is notified only if the all ready installed software is a 
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different version then that which is to be installed. At this point the user may choose to 
discard or ignore the changes and proceed to use the nonupdated software. The effect 
of this is that the user continues to operate without receiving an error. This constitutes a 
successful run of the commands by the software component to be installed. This 
concept is analogous to the installation of individual files. Therefore it would have been 
obvious to one having ordinary skill in the art at the time the invention was made to 
modify the disclosure of the Krishnaswami-Kishi combination such that it included the 
feature of returning information indicative of a success. One would have been 
motivated to do so because this method would supply notification and leave the 
decision to the system operator as to whether the files should be installed or not, 
without causing an error in the event that the files are not installed, allowing for 
continual operation. 

Claim 41 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Krishnaswami as applied to claim 40 above in view of the Jones-Midgeley combination 
as applied to claim 12 above. 

Claims 42, and 43 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Krishnaswami as applied to claim 40 above in view of the Jones-Midgeley-Dllfiles 
combination as applied to claims 14, and 16 above. 



Conclusion 
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The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

The following is a list of US Patents related to the claimed invention: 

5,144,659 

5,604,862 

6,308,274 

6,618,735 b1 

5,586,301 a 

4,884,211 

6,625,623 

4,757,533 

The following is a list of the non-patent literature related to the claimed invention: 
www.dll-files.com. 1998. 



Microsoft Knowledge Base Article- 222193. Description of the Windows File 
Protection Feature. 



Grenyer, Paul. Copy on Write. 



Rogue wave Software. Copy on Write. 1996. 
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Kim, Gene H. The Design and Implementation of Tripwire: A File System Integrity 
Checker, 1994. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to AN M. Mashaal whose telephone number is 703-305- 
7854. The examiner can normally be reached on 8:30-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Albert Decady can be reached on 703-305-9595. The fax phone number for 
the organization where this application or proceeding is assigned is (703) 872-9306. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 703-305- 
3900. 




Albert DeCady 
Primary Examiner 



AM 



